Senior Penetration Testing Engineer

About The Position

Requirements

• Degree or equivalent and typically requires 7+ years of relevant experience.
• Proficiency in scripting languages such as Python, Bash, or PowerShell.
• Expertise in tools such as Burp Suite Pro, Owasp ZAP, Nmap, and Kali Linux suite of tools for Web and Network Penetration testing.
• Experience with cloud penetration testing (AWS, Azure, GCP).
• Familiarity with MITRE ATT&CK framework and threat emulation techniques.
• Understanding of secure coding practices and common vulnerabilities (e.g., OWASP Top 10)
• Strong analytical and problem-solving abilities.
• Excellent written and verbal communication skills.
• Project and time management skills.

Nice To Haves

• Bachelor’s degree (in Computer Science, Cybersecurity, or a related field) or equivalent work experience.
• Advanced certifications (e.g., OSCP, OSWA, OSWE, OSEP, OSCE, BSCP, HTB CWES, HTB CWEE, or other).
• Experience in purple teaming and collaboration with defensive security teams.
• Experience managing application security tools, including SAST, DAST, SCA, and WAF solutions.
• Experience with bug bounty programs, including platforms such as HackerOne and Bugcrowd.
• Knowledge of regulatory frameworks, including PCI DSS, HIPAA, and NIST standards.
• Interest in and experience with AI, including development, infrastructure, agents, penetration testing, or red teaming use cases (e.g., XBOW, Hadrian NOVA, Horizon3, Pentera, vPenTest, or open source alternatives).

Responsibilities

• Penetration Testing: Plan, execute, and report on penetration tests targeting web applications, APIs, mobile applications, infrastructure, and cloud environments across McKesson.
• Identify exploitable vulnerabilities with both automated tools and manual techniques.
• Assist system and application owners in understanding risk and implementing effective remediation.
• Develop customized tools and exploitation techniques to support advanced testing tailored to specific engagements.
• Collaborate and communicate effectively with external penetration testing vendors and service providers.
• Security Tooling & Automation: Develop and maintain custom scripts and tools to support testing activities.
• Contribute to the integration of security tools and processes within CI/CD pipelines to improve testing coverage and efficiency.
• Evaluate and deploy commercial and open-source security testing tools.
• Project Management: Partner with application teams to gain a thorough understanding of environments and define scope for business critical McKesson applications.
• Define scope and track compliance of applications and entities with penetration testing policy requirements, including PCI DSS, HIPAA, and SOC.
• Schedule and coordinate outreach with application teams to manage engagements with internal or external vendor resources.
• Reporting & Communication: Deliver detailed, actionable reports to technical and non-technical stakeholders.
• Present findings and recommendations to engineering, operations, and leadership teams.
• Maintain documentation of testing methodologies, tools, and results.
• Security Research & Innovation: Stay current with emerging threats, vulnerabilities, and offensive security techniques.
• Participate in threat modeling and contribute to the development of attack simulations.
• Mentor junior team members and contribute to internal knowledge sharing.

Benefits

• competitive compensation package
• annual bonus or long-term incentive opportunities may be offered